84 matches found
CVE-2026-44172
CVE-2026-44172 affects MariaDB (community fork of MySQL). In versions 3.3.18 and 3.4.8, non-validated user input escaped with mysql_real_escape_string() and sent via text protocol using the big5 character set could be exploited for SQL injection, despite the escaping attempt. The issue has been p...
CVE-2026-8295
An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can cause insufficient buffer...
CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header
Summary: Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...
GHSA-G82G-M9VX-VHJG Kimai has Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
Summary: The client-side escapeForHtml function in KimaiEscape.js, introduced in commit 89bfa82c 2959 to fix a JavaScript XSS vulnerability, only escapes <, > and & but does not escape " (double quote) or ' (single quote). When user-controlled data (profile alias) is placed in an HTML attribute context...
EUVD-2026-11333
Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash...
CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape.escape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
glib: Integer overflow in g_escape_uri_string()
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...
Moderate: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Astra Linux – Vulnerability in glib2.0
A heap-based buffer overflow issue was discovered in glib due to an incorrect calculation of the buffer size in the g_escape_uri_string function. If the string to be escaped contains a very large number of unacceptable characters which would require escaping, the calculation of the length of the...
CVE-2022-31180
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...
EUVD-2021-2066
Malware in sbrugna...
EUVD-2015-7774
Malware in sbrugna...
EUVD-2017-0075
Malware in sbrugna...
EUVD-2022-7081
Malicious code in bioql PyPI...
CLSA-2025-1757490210 Fix CVE(s): CVE-2025-1735
SECURITY UPDATE: inadequate validation in pgsql and pdo_pgsql functions - debian/patches/CVE-2025-1735.patch: Add error checks for escape function in pgsql and pdo_pgsql extensions to prevent potential security issues - CVE-2025-1735...
CLSA-2025-1753793859 php: Fix of 3 CVEs
CVE-2025-1220: error if host contains null bytes in the middle of the string - CVE-2025-6491: fix NULL pointer dereference vulnerability in soap - CVE-2025-1735: add error checks for escape function in pgsql and pdo_pgsql extensions...
PHP security vulnerability
PHP is a server-side scripting language. A security vulnerability exists in PHP versions prior to 8.1.33, prior to 8.2.29, prior to 8.3.23, and prior to 8.4.10, which stems from a failure of the pgsql and pdo_pgsql escape functions to check if a referenced function is...
CVE-2020-21814
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97...